Integration
Grant Suger the necessary permissions to manage your AWS Marketplace on your behalf, no more no less.
Overview
- Visit the Integration page of the Suger console.
- Click the CONNECT button; you will be redirected to a new browser tab. It will automatically start an AWS CloudFormation Stack on your AWS account to create an IAM role for Suger to access & manage your AWS Marketplace on your behalf.
  tip
  - Contact support@suger.io for the Suger AWS Account ID to fill the stack field AccountId.
  - Fill in the field MdfsS3BucketName with suger-mdfs-s3-bucket-{your-aws-account-id}.
- Check the box I acknowledge that ... and click the Create stack button.
- Wait a few minutes; the AWS Marketplace integration status will be updated to VERIFIED.
  tip
  - You may need to click the VERIFY button to verify whether the AWS Marketplace integration works correctly.
Edit Integration
Editing an existing AWS integration is not supported. The practical way is to delete it and then re-connect it with new inputs.
Delete Integration
The AWS integration can be deleted like all other integrations. Once the deletion icon is clicked & confirmed, the integration info will be deleted immediately & permanently from Suger. There is no time window or method to recover it.
- To completely delete the IAM Role created for Suger, please visit your AWS CloudFormation and delete the stack SugerAccessMarketplaceStack, which will remove all resources, including the IAM Role created for Suger.
Multiple Integrations
Multiple AWS Marketplace integrations are supported under the same Suger organization, with each integration operating independently. To set up multiple AWS Marketplace integrations, please follow the guidance below:
- Create a new Suger organization in the Suger Console and wait for it to be approved.
- In the newly approved Suger organization, set up a second AWS Marketplace integration.
- Contact Suger Support with both the new and old Suger organization IDs. The support team will merge the two organizations—retaining the old one and deleting the new one—while preserving both AWS Marketplace integrations under the original/old Suger organization.
- Once set up, you will see multiple integrations listed on the Suger Console integration page. Each integration can be edited or deleted individually.
- There are no changes to the process of creating private offers, reporting usage records, or generating revenue reports across the Suger web console, Salesforce app, and HubSpot app. All connections for each integration are automatically managed by the Suger service.
AWS IAM Policies
Here is the list of AWS managed policies included in the Suger Access IAM role.
Policy Name | Description |
---|---|
arn:aws:iam::aws:policy/AWSMarketplaceFullAccess | This policy grants Suger full access to AWS Marketplace and related services, as well as access to Amazon EC2, AWS CloudFormation, and Amazon EC2 Systems Manager. |
arn:aws:iam::aws:policy/AWSMarketplaceSellerFullAccess | This policy allows Suger to manage your sales (product listings, offers, entitlements & metering) on the marketplace. |
SugerAccessMarketplacePolicy | This policy grants Suger necessary-only permissions on Amazon S3 & Amazon SNS to configure & access your AWS Marketplace Commerce Analytics Service and AWS Marketplace Data Feeds Service. |
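
One way to check what the CloudFormation stack actually granted, as an added example that is not Suger's or AWS's code: it reviews the role's trust policy and its attached policies against the table above. The account ID 111122223333 and the sample documents are constructed; the input shapes follow the output of `aws iam get-role` and `aws iam list-attached-role-policies`.

```python
import json

# Policies the page lists for the Suger access role.
DOCUMENTED_ARNS = {
    "arn:aws:iam::aws:policy/AWSMarketplaceFullAccess",
    "arn:aws:iam::aws:policy/AWSMarketplaceSellerFullAccess",
}
DOCUMENTED_NAMES = {"SugerAccessMarketplacePolicy"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy_doc, trusted_account_id):
    """List every principal in Allow statements outside the trusted account."""
    findings = []
    prefix = f"arn:aws:iam::{trusted_account_id}:"
    for stmt in _as_list(policy_doc.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            findings.append("any principal can assume the role")
            continue
        for kind, values in principal.items():
            for value in _as_list(values):
                if kind != "AWS":
                    findings.append(f"unexpected {kind} principal: {value}")
                elif value != trusted_account_id and not value.startswith(prefix):
                    findings.append(f"unexpected AWS principal: {value}")
    return findings

def unexpected_policies(attached):
    """Return ARNs of attached policies that the page does not document."""
    return [p["PolicyArn"] for p in attached
            if p["PolicyArn"] not in DOCUMENTED_ARNS
            and p["PolicyName"] not in DOCUMENTED_NAMES]

# Constructed sample data; 111122223333 stands in for the Suger AWS Account ID.
SAMPLE_TRUST = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "sts:AssumeRole",
   "Principal": {"AWS": ["arn:aws:iam::111122223333:root",
                         "arn:aws:iam::444455556666:root"]}}]}""")
SAMPLE_ATTACHED = [
    {"PolicyName": "AWSMarketplaceFullAccess",
     "PolicyArn": "arn:aws:iam::aws:policy/AWSMarketplaceFullAccess"},
    {"PolicyName": "AdministratorAccess",
     "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"},
]

if __name__ == "__main__":
    print(audit_trust_policy(SAMPLE_TRUST, "111122223333"))
    print(unexpected_policies(SAMPLE_ATTACHED))
```

An empty list from both functions means the role trusts only the account you were given by support and carries no policy beyond the three documented ones.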
Marketplace Commerce Analytics Service (MCAS)
The Commerce Analytics Service accesses the Amazon S3 bucket and Amazon SNS topic after you configure the service with the ARN for the topic and name of the bucket. To enable MCAS, please follow the steps below. For more details, see the documentation.
- Log in to the AWS Marketplace Management Portal with the AWS account you use to manage your AWS Marketplace products.
- Ensure you have the necessary IAM permissions to enroll in the AWS Marketplace Commerce Analytics Service.
- Navigate to the Commerce Analytics Service enrollment page.
- Select Use an existing IAM role
- Select IAM role as the default MarketplaceCommerceAnalyticsRole
- Set S3 bucket name suger-mcas-s3-bucket-{aws-account-id}
- Set SNS topic ARN arn:aws:sns:us-east-1:{aws-account-id}:suger-mcas-sns-topic
- Click the Enroll button
  warning
  - If you have enrolled in MCAS before, please contact us to get a custom configuration. We will update the IAM policy of the IAM role MarketplaceCommerceAnalyticsRole to support the right S3 bucket & SNS topic.
- On the AWS Marketplace Management Portal, record the Role Name ARN in the success message.
Marketplace Data Feeds Service (MDFS)
To get the fully structured, up-to-date product billing and customer information from AWS Marketplace, it is highly recommended to set up the Data Feeds Service. Follow the steps below:
- If you have set the field MdfsS3BucketName to suger-mdfs-s3-bucket-{your-aws-account-id} in the previous CloudFormation stack of the AWS Marketplace integration, please skip the following step 1 & step 2 since the MDFS S3 bucket and KMS have been created.
- Go to the Data Feed Configuration page.
- Click Configure with Cloud Formation; a new page with the stack template will be opened. Set the Stack name to mp-data-feed (don't change this name since it is recognized by the Suger service), and the S3BucketName to a unique S3 name suger-mdfs-s3-bucket-{aws-account-id}. Then click the Create stack button.
  warning
  - The stack name must be mp-data-feed. Otherwise, the Suger service won't recognize it.
  - The S3BucketName must be suger-mdfs-s3-bucket-{aws-account-id}. Otherwise, the Suger service won't have permissions to access it.
  - The stack must be running in the AWS region us-east-1, not other regions.
- Once the above CloudFormation stack is 'CREATE_COMPLETE', find the S3 Bucket ARN (for example: arn:aws:s3:::suger-mdfs-s3-bucket-{aws-account-id}) and the KMS Key ARN (for example: arn:aws:kms:us-west-2:awsAccountId:key/keyId), and input them on the Data Feed Configuration page. Click the Submit button.
- The Suger service takes care of the rest of the setup and the cron data sync pipeline.
FAQ
- My Security team asked about the need for a KMS access policy. How does Suger use KMS in our account?
  The KMS access is for MDFS integration, which syncs revenue data and buyer information (company name, address, and email domain).
  AWS requires all S3 buckets for marketplace revenue and buyer reports to be encrypted by a KMS key. This KMS key is created via the CloudFormation template provided by AWS.
  More details can be found here.
  Suger doesn’t require general access to your KMS resources; it is only limited to the one related to the MDFS integration.
Set up Tax & Banking Info
AWS Marketplace requires the seller/ISV to provide valid Tax & Banking Info before selling paid or BYOL (bring your own license) products. Please visit the settings page of your AWS Marketplace Management Portal, and submit the tax information & banking information (to collect revenue from marketplace sales).
Tax Information
The following fields for tax information are required:
- Federal tax classification. Most companies are C Corporation, and the others may be S Corporation, Partnership or Limited liability company.
- Business Name and Business Address
- EIN (Federal Employer Identification Number)
Banking Information
The following fields for banking information are required:
- Bank account address, the address on your company bank account.
- Bank account holder name, in most cases, it is your company legal name.
- Routing Number
- Account Number
FAQ
- Who do I receive the payment from?
  Payment will always be deposited into your registered bank account. To check your registered bank account, visit the Settings section on AMMP > Payment Information.
- How much listing/transaction fee does AWS take?
  Listing fees depend on the type of listing, TCV of the offer, and type of offer. The document below is an official document by AWS that covers the fee structure for all scenarios. https://docs.aws.amazon.com/marketplace/latest/userguide/listing-fees.html
- When is the customer billed?
  AWS bills the customer in one of three ways:
  - Date of subscription acceptance (upfront billing)
  - Custom payment schedule (private offers built by flexible payment scheduler)
  - Metered usage on the second and third day of the month for the prior month’s usage
- When will I receive money from AWS?
  Every customer has agreed to net payment terms with AWS, which are either net 30, 45, 60 or net 0 for credit cards. Once a customer receives the bill, they must pay the amount within the agreed terms.
  Every seller has a disbursement cycle, which can be set up under settings. There are two cycles: daily and monthly. You can receive the money as soon as AWS receives it or on a specific date every month.
  To check your registered bank account, visit the Settings section on AMMP > Payment Information > Update Banking Information > Disbursement Preference.
- Do I need to charge and remit taxes separately?
  This depends on the buyer's country. In countries such as the USA, where the marketplace is responsible for collecting and remitting taxes, this function will be handled by AWS itself. In other countries, such as France, the Seller must collect the tax manually.
  This video has all the details about taxes.
  This link has other details about taxes on different product types, countries supported, and the process.
- What should we do if there is a delay in receiving payments from AWS?
  You can create a ticket to AWS Support using this link.
- How to process refunds?
  You can process a full or partial refund to the buyer by clicking this link and submitting the form.
  You can request a refund even when the buyer has not yet paid the invoice. In the additional comments section, mention that the charges should be waived if they are unpaid.
- Can I invoice a customer in their currency?
  You will create private offers in Dollars ($) as a seller. AWS will, in turn, check the buyer's currency based on the account ID and the payment settings and then bill them in their currency.
  AWS uses exchange rates published by Bloomberg every day. Here is the updated list of supported currencies.
- We have an offer that was accepted, but the payment transaction failed. Is there a way to reprocess the transaction?
  If a private offer acceptance fails due to an issue with the customer's payment method/account, the customer can try accepting the same private offer again after it is fixed. This time, it should go through. The offer they initially accepted didn't generate any entitlement because it wasn't processed. They can use the same offer link to accept it again, and it should work this time.
- We have an offer that the customer has tried to accept three times, and we get an acceptance email and then immediately get a cancellation email. Is this a typical payment issue? Is there something that you'd advise us to tell the customers to solve this?
  There are three main reasons why an offer acceptance might fail:
  - The person trying to accept the offer doesn't have the proper permission to complete that transaction.
  - Their credit card operator declined the transaction, or they have not correctly set up their account for payment.
  - AWS can reject them from transacting if they have not paid their latest billing.
  Usually, it's a problem with the customer's credit card or with their payment account in general. You can contact the customer to have them help you verify the transaction.
  We recommend asking during discovery whether they are on an Invoice or Credit Card with AWS. If they are on a Credit Card, tell them they need to make sure that their bank knows this transaction is about to be processed so that it does not get rejected, as credit card companies will often reject a transaction as possible fraud due to its size.